Risk and Compliance

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is a certifiable, risk-based international standard that sets requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). By establishing an effective and mature information security management system, organizations can ensure the preservation of the confidentiality, integrity, and availability of their information assets.

ISO 22301:2012

ISO 22301:2012 is a certifiable international standard that sets requirements for establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS). By establishing an effective and mature business continuity management system, organizations can ensure minimum disruption of services during incidents or disasters.

ISO/IEC 20000-1:2018

ISO/IEC 20000-1:2018 is a certifiable international standard that sets requirements for the design, transition, delivery and improvement of services and for establishing a Service Management System (SMS). By establishing an effective and mature service management system, organizations can ensure effective IT service delivery.

NCEMA 7000:2015

The AE/SCNS/NCEMA 7000:2015 standard, issued by the Supreme Council for National Security's National Emergency Crisis and Disasters Management Authority (NCEMA), mandates establishing, implementing, maintaining and continually improving a Business Continuity Management System (BCMS) within UAE entities. By establishing an effective business continuity management system, organizations can ensure minimum disruption of services during incidents or disasters while complying with national regulations.

UAE Information Assurance Standards

The National Electronic Security Authority (NESA) UAE Information Assurance Standards set requirements for implementing information security controls that protect information assets and the systems supporting them across all entities in the UAE. By complying with the UAE IA Standards, organizations can ensure the protection of their information assets.

Risk Management

EBDAA follows a comprehensive approach to risk management in accordance with international standards and best practices. Our methodology ensures effective risk management and raises maturity levels to reduce risk within the organization. Our comprehensive approach helps organizations identify their risks in detail, analyze and assess them, mitigate them, and review and monitor the implemented controls to ensure their effectiveness.

Gap Analysis

Gap Analysis eases the implementation of any standard by providing a holistic view of the organization's current compliance status and maturity level in relation to that standard. EBDAA's Gap Analysis approach draws on multiple information sources, such as document review, information collection, site visits, observations, and assessments of current controls.

Audits

Audits are carried out to identify non-conformities and ensure compliance with standards and regulatory requirements. Auditing is the best tool for ensuring continual improvement of any management system. To ensure continual improvement, EBDAA assists your organization in taking appropriate corrective action on every finding.

Data Classification

Only data and information that are appropriately classified and labeled can be adequately protected. EBDAA follows a structured approach to classifying data, based on an environmental scan of your organization. By understanding the organizational environment, we propose different data classification schemes so that the most suitable scheme for your organization can be selected. Our data classification approach complies with standards and best practices.

Incident Handling Frameworks

To enable organizations to follow a proactive approach to mitigating risks and handling incidents, EBDAA assists in creating all the frameworks, policies, and procedures needed to establish an effective information security incident response team (ISIRT), based on standards and best practices such as ISO/IEC 27035:2011 and ISO/IEC 27037:2012. This team is responsible for the detection, handling, investigation, and eradication of security incidents.